Oct 23 2009 6:40PM GMT
Posted by: Troy Tate
net neutrality, blacklist, privacy, wiretapping, eavesdropping, lawsuit, Cisco, Microsoft, Comcast, TRUSTe
A web-based tool I frequently use is called Network-Tools.com. I frequently use the site to look up names associated with IP addresses and whois information and to ping the addresses. A recent notice on the page raised my concern. The notice says:
Network-Tools owner sues Microsoft, Cisco, Comcast and TRUSTe over IP Address Blacklisting
Suit alleges eavesdropping, privacy policy fraud, breach of contract and defamation
Interesting stuff, huh? So why would this suit be raised? According to the page tracking the lawsuit:
The lawsuit claims that Comcast, Microsoft, and Cisco collected information about Smith’s IP addresses and either put them on a “blacklist” or gave them a poor “Reputation Score.” Comcast even blocked his communication link with a mail server he operates outside the Comcast network. The suit claims that in order to collect this information in the first place Comcast, Cisco and Microsoft violated eavesdropping laws. The suit goes on to claim that Comcast, Microsoft, and Cisco failed to adhere to their privacy policies.
Oct 23 2009 5:58PM GMT
Posted by: Troy Tate
tools, portable application, Windows, windows startup, application, regedit, windows service
One of the tools I frequently use is called Startup Control Panel. This is a free tool from Mike Lin. It is a portable tool, so it does not require any client installation and may be run from a USB memory stick. This tool is similar to the excellent Autoruns & Autorunsc tools from Sysinternals. This is a good way to get at and manage the items that start up when your system starts.
The Startup Control Panel tool window looks like the window below:

[Image: Startup Control Panel window]
Using the application:
I have successfully run this utility on both XP and Vista. The dialog contains six to seven tabs, depending on your system configuration. Each tab represents one place where a program can be registered to run at system startup. These include:
- Startup (user) - the current user’s Startup folder in the Start Menu.
- Startup (common) - the common (all users) Startup folder in the Start Menu.
- HKLM / Run - the Run registry key located in HKEY_LOCAL_MACHINE. These apply for all users.
- HKCU / Run - the Run registry key located in HKEY_CURRENT_USER. These apply for the current user only.
- Services - system services that are started before the user logs in. This appears only in Win9x; on NT/2000/XP, use the Services control panel, or the Services item in Computer Management.
- Run Once - started once and once only at the next system startup.
- Deleted - programs go to the Deleted tab when you remove them from another location. They will not run at system startup, but will merely be stored should you ever want to use them again. If you delete an item from the Deleted tab, it is removed permanently.
Each page contains a list of the programs registered at that location. Use the checkbox to enable or disable individual items. Additional operations are available by right-clicking an item. You can select multiple items using the Shift and Control keys. Options include:
- New… - create a new entry. You can also drag & drop files from My Computer or Explorer.
- Edit… - edit an existing entry.
- Delete - delete the currently selected entry.
- Disable / Enable - disable or enable the selected entry. A disabled program will appear in the list with a special icon, and will not run at system startup. You can also use the checkbox next to an item to enable or disable it.
- Run Now - executes the program now.
- Send To - moves the entry from the current location to another.
- Press F5 to refresh the list at any time.
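The locations behind the tabs listed above can also be inventoried from PowerShell and compared against a saved baseline, which helps spot a startup entry that appeared since the last check. This is an added example, not part of Startup Control Panel or the original post; `Get-StartupEntry` and `startup-baseline.csv` are hypothetical names, the registry paths are the standard Windows Run and RunOnce keys, and checking RunOnce in both hives is an assumption. It needs PowerShell 3.0 or later.

```powershell
# Added example: read-only inventory of the startup locations listed above.
# Get-StartupEntry and startup-baseline.csv are hypothetical names.
function Get-StartupEntry {
    $cv = 'Software\Microsoft\Windows\CurrentVersion'
    $regKeys = [ordered]@{
        'HKLM / Run'      = "HKLM:\$cv\Run"
        'HKCU / Run'      = "HKCU:\$cv\Run"
        'Run Once (HKLM)' = "HKLM:\$cv\RunOnce"   # assumption: both hives are checked
        'Run Once (HKCU)' = "HKCU:\$cv\RunOnce"
    }
    $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($name in $regKeys.Keys) {
        $key = Get-Item -LiteralPath $regKeys[$name] -ErrorAction SilentlyContinue
        if (-not $key) { continue }               # the key may not exist
        foreach ($value in $key.GetValueNames()) {
            # Keep %VARIABLES% unexpanded so the stored string is what gets compared
            [pscustomobject]@{
                Location = $name
                Entry    = $value
                Command  = [string]$key.GetValue($value, '', $raw)
            }
        }
    }
    $folders = [ordered]@{
        'Startup (user)'   = [Environment]::GetFolderPath('Startup')
        'Startup (common)' = [Environment]::GetFolderPath('CommonStartup')
    }
    foreach ($name in $folders.Keys) {
        $path = $folders[$name]
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }
        Get-ChildItem -LiteralPath $path -File -Force |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                [pscustomobject]@{ Location = $name; Entry = $_.Name; Command = $_.FullName }
            }
    }
}

$baseline = '.\startup-baseline.csv'
$current  = @(Get-StartupEntry)
if (Test-Path -LiteralPath $baseline) {
    # Report only entries that are not in the saved baseline
    $known = @{}
    Import-Csv -LiteralPath $baseline |
        ForEach-Object { $known["$($_.Location)|$($_.Entry)|$($_.Command)"] = $true }
    $current | Where-Object { -not $known.ContainsKey("$($_.Location)|$($_.Entry)|$($_.Command)") }
} else {
    $current | Export-Csv -LiteralPath $baseline -NoTypeInformation   # first run: save baseline
    $current | Format-Table -AutoSize -Wrap
}
```

The first run saves the baseline and prints the full inventory; later runs print only entries that are new or whose command line changed.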
Hope you find this tool as useful as I do. Thanks for reading and let’s continue to be good network citizens.
Oct 21 2009 1:20PM GMT
Posted by: Troy Tate
Microsoft, podcast, webcast, Powershell, sql, dba, Development, IIS, AD, Active Directory, education, IT education, virtual machines, Virtualization, SharePoint
I just came across an excellent resource for IT professionals working with Microsoft products. It is called RunAs Radio. There are weekly podcasts about topics of interest to those of us who support Microsoft products. The podcasts are in multiple formats such as mp3, wma & AAC (iPod). I was particularly interested in the presentations on performance management. There are several presentations on this one topic. Some sample topics include:
Clint Huffman Analyzes PerfMon Logs! Mr. Huffman is the creator of the Performance Analysis of Logs tool found at Codeplex. I have found this tool very useful in tracking down server issues to show folks “it’s not the network!”
Shane Creamer Goes Deep on Performance Monitor! This is a very interesting presentation. There is a link to the video presentation portion and another link to the various audio formats. The video presentation has a very long gap in audio at the beginning (almost 12 minutes). This is because the video portion is only capturing the presenter’s audio portion and not the commentators’. You really should download both audio and video to get the full impact of the presentation.
Steven Choy Measures Server Performance!
Other topics that might be of interest include SQL, Active Directory, IIS, cloud (Azure), PowerShell, virtualization, SharePoint, information security, and many other Microsoft-centric technologies. I have subscribed to the RSS feed so I can keep up with new presentations as they are released. If you run any Microsoft technologies, or you just want to learn about some recommended best practices, then check out this resource. There might be something here that will help you “save the day”.
Thanks for reading and let’s continue to be good network citizens!
Oct 15 2009 6:44PM GMT
Posted by: Troy Tate
network analysis, protocol analysis, packet analysis, packet capture, training, education, wireshark, ethereal, tcp/ip, trace files, Networking, tools, Monitoring, reporting, IT education, performance monitoring, troubleshooting, howto, Metrics, analysis, Laura Chappell
Laura Chappell, the BitGirl, is at it again with another in her series of Wireshark Jumpstart webinars. The next one is called Wireshark Jumpstart 201: Filtering on the Good, the Bad, the Ugly. It will be held on October 27, 10:00am-11:00am PDT (GMT-7). If you manage networks or want to manage a network, a good understanding of protocol and packet analysis will help you immensely with your career.
Some things you will learn in this webinar:
- Using the Default Capture and Display Filters
- Creating a Few Hot Capture Filters
- Filtering Tips and Tricks for Troubleshooting
- Filtering Tips and Tricks for Security
Even if you are very familiar with Wireshark or other packet capture and protocol decode tools, Laura’s seminars are well worth attending. You might even find out a little tidbit here or there, because repetition is one of the keys of learning. Unfortunately, I will not be able to attend this webinar since I will be on a golf vacation in North Carolina. So, if you attend this event, please come back and share with me and other IT Trenches readers what you learned and how valuable the webinar was for you.
Thanks for reading and let’s continue to be good network citizens!
Sep 16 2009 7:00PM GMT
Posted by: Troy Tate
Performance, performance monitoring, perfmon, server monitoring, cpu, hardware, performance management
I didn’t realize how much I really didn’t know about CPU performance monitoring until I read this Microsoft TechNet blog on Interpreting CPU Utilization for Performance Analysis. As the article says: If you rely on CPU utilization as a crucial performance metric, you could be making some big mistakes interpreting the data.
Take some time and review this recent (August 2009) posting on this issue. If you manage/monitor Windows servers and watch server performance, this article will give you a better understanding of the ins/outs of interpreting CPU utilization.
Here are 4 of the top 9 takeaways that you will learn by reading this article:
Summary of Key Takeaways
Key takeaway #1: Processor of type A @ 100% utilization IS NOT EQUAL TO Processor of type B @ 100% utilization
Key takeaway #2: 2 HW threads on the same package @ 100% utilization IS NOT EQUAL TO 2 HW threads on different packages @ 100% utilization (for better or worse)
Key takeaway #3: 2 HW threads on the same logical core @ 100% utilization IS NOT EQUAL TO 2 HW threads on different logical cores @ 100% utilization (for better or worse)
Key takeaway #4: 2 HW threads on the same NUMA node @ 100% utilization IS NOT EQUAL TO 2 HW threads on different NUMA nodes @ 100% utilization (for better or worse)
Thanks for reading and let’s continue to be good network citizens!
Sep 14 2009 1:49PM GMT
Posted by: Troy Tate
Microsoft, information security, vulnerability, risk management, patches, tcp-ip, tcp, tcp/ip, Windows, windows 2000, support, Microsoft support, threat, risk
Last week was the September issue of Microsoft “patch Tuesday”. The September 2009 Microsoft Security Bulletin lists a number of vulnerabilities. Microsoft held the bulletin webcast on Wednesday, September 9, to discuss the vulnerabilities and customer concerns.
One particular bulletin is creating some concerns for Microsoft Windows 2000 users. MS09-048 is a bulletin for a vulnerability in the TCP/IP stack in all currently supported versions of Windows. The bulletin describes the vulnerability:
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Even though the bulletin here describes it as potential remote code execution, the webcast focused more on the denial of service threat due to this vulnerability. Unfortunately, Microsoft has chosen to not issue a patch for Windows 2000, even though Windows 2000 is a supported version of Windows with regard to patches and security fixes. ComputerWorld gives a good amount of detail in the article Microsoft: Patching Windows 2000 ‘infeasible’. Dark Reading published Microsoft, Cisco Issue Defenses For TCP Denial-Of-Service Attack, and The Register published Microsoft, Cisco issue patches for newfangled DoS exploit.
I know that there is a reasonable population of Windows 2000 machines in operation at my organization. So, this choice by Microsoft to not issue a patch for this vulnerability raises some concerns. Fortunately the vulnerable population is not publicly exposed and does not have mobile users. The layered defenses we have in place should help mitigate the risks to our environment. However, the risk is still there and the threat needs to be addressed. What other vulnerability will come out that Microsoft chooses not to address in a supported operating system? Are you facing the same situation in your environment? How large is the risk to your environment? What are you doing to address these threats? Why are you doing what you are doing? Share your thoughts with other ITKE readers.
Thanks for reading & let’s continue to be good network citizens.
Aug 19 2009 6:21PM GMT
Posted by: Troy Tate
botnet, infection, parasite, autoupdate, command and control, command, control, antivirus, configuration manager, systems center, Microsoft, mcafee
Ponder this question. Are there botnets that are sexy and make you more attractive? I got this idea from the Animal Planet (Discovery) show: Monsters Inside Me: Can a Parasite Make Me Sexy? Consider a good botnet (parasite) for a minute. Is something like the McAfee ePolicy Orchestrator or Microsoft’s Systems Center Configuration Manager something like a command and control system for a good botnet? Would that be considered a sexy parasite? Is this just a symbiotic relationship that is good for all?
So, think about it… what are you infected with today that’s doing you good?
Well… maybe it’s not always good to be infected with a parasite so that’s why I say: thanks for reading & let’s continue to be good network citizens.
Aug 12 2009 3:33PM GMT
Posted by: Troy Tate
Microsoft, Microsoft Certification, mcse, certification, mcp, job skills, technical certification, TechEd 2009, Microsoft TechEd
Check out this interview during TechEd 2009 with David Elfassy. You will find out answers to many of your burning questions like:
- How much does certification really matter?
- Is an MCSE still valuable?
- Which certifications should you pick?
- Would certification be a good way to switch into another area of expertise?
- What changes are happening around piracy with test development?
- What are his recommended steps to get started with prepping for the exam?
Thanks for reading & let’s continue to be good network citizens.
Jul 28 2009 3:11PM GMT
Posted by: Troy Tate
Microsoft, patch management, Metrics, framework, maturity model, patch management framework, research, asset management, lifecycle management
Securosis and Microsoft have teamed up and released an Open Patch Management Metrics Model. The purpose of this model is to “provide organizations with a tool to better understand their patching costs.” The model also has ten steps with multiple substeps to help guide an organization through a patch management process framework.
The document can be found on the Securosis website. More information will be released as the model matures and additional organizations contribute to the research. Let the ITKE community know your thoughts on this model and if the metrics are meaningful to your organization.
For myself, I think that the metrics would be good to gather but would be a challenge to maintain when we are always being challenged to do more with less.
Thanks for reading & let’s continue to be good network citizens!